<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    
<?php 
$layout = explode('&&&', file_get_contents('layout.html'));
echo $layout[0];

session_start();
if (!(isset($_SESSION['username'])))
	header("location:login.php");
	
$id=$_GET['id'];
?>

<html>
<head>
</head>
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<body>

<!-- Begin Main Column -->

<div id="mainContent">
	
  <h2>Find <?php if($id==1){echo " & Edit ";}elseif($id==2){echo " & Delete ";}?>Participant</h2>
        <p></p>Find Participant
  <form id="form3" method="post" action="">
          <table width="200" border="0">
            <tr>
              <td>First Name:</td>
              <td><label>
                <input type="text" name="first_name_participant" id="first_name_participant" />
              </label></td>
            </tr>
            <tr>
              <td>Last Name:</td>
              <td><label>
                <input type="text" name="last_name_participant" id="last_name_participant" />
              </label></td>
            </tr>
          </table>
          <p>
            <label>
            <input type="submit" name="participant_search" id="participant_search" value="Search" class="button"/>
            </label>
    </p>
  </form>

<!-- Begin Side Column -->
<!-- Begin Footer -->

<?php
	 	if($_POST) {
			ob_start();
			$host="localhost"; // Host name
			$username="root"; // Mysql username
			$password=""; // Mysql password
			$db_name="rtl"; // Database name
			
			// Connect to server and select databse.
			mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
			
			$first_name_participant=$_POST['first_name_participant'];
			$last_name_participant=$_POST['last_name_participant'];
			
			$action=$_GET['id'];
			
			// To protect MySQL injection (more detail about MySQL injection)
			$first_name_participant = stripslashes($first_name_participant);
			$last_name_participant = stripslashes($last_name_participant);

			$first_name_participant = mysql_real_escape_string($first_name_participant);
			$last_name_participant = mysql_real_escape_string($last_name_participant);
			
			if($first_name_participant != "" && $last_name_participant != "") {
				$first_name_participant = "%".$first_name_participant."%";
				$last_name_participant = "%".$last_name_participant."%";
				$participant_by_name = mysql_query("SELECT PARTICIPANTID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PARTICIPANTS WHERE FIRSTNAME LIKE '$first_name_participant' AND LASTNAME LIKE '$last_name_participant'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($participant_by_name))
				{
					// Print out the contents of each row into a table
					$participant_id=$row['PARTICIPANTID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditParticipant.php?id=$participant_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeleteEvent.php?id=$participant_id&action=3\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
		
			if($first_name_participant != "" && $last_name_participant == "") {
				$first_name_participant = "%".$first_name_participant."%";
				$participant_by_name = mysql_query("SELECT PARTICIPANTID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PARTICIPANTS WHERE FIRSTNAME LIKE '$first_name_participant'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($participant_by_name))
				{
					// Print out the contents of each row into a table
					$participant_id=$row['PARTICIPANTID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditParticipant.php?id=$participant_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeleteEvent.php?id=$participant_id&action=3\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
		
			if($first_name_participant == "" && $last_name_participant != "") {
				$last_name_participant = "%".$last_name_participant."%";
				$participant_by_name = mysql_query("SELECT PARTICIPANTID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PARTICIPANTS WHERE LASTNAME LIKE '$last_name_participant'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($participant_by_name))
				{
					// Print out the contents of each row into a table
					$participant_id=$row['PARTICIPANTID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditParticipant.php?id=$participant_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeleteEvent.php?id=$participant_id&action=3\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
		}
	?>
    </div>

<?php
echo $layout[1];
?>
</body>
</html>

